
Unable to open .exe files


  • This topic is locked
33 replies to this topic

#1 Ikari01

Ikari01

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 14 June 2012 - 12:56 AM

A couple of months ago I was getting a Google redirect that turned into the only thing I'm able to do is open my documents and stare at files; no .exe files will open. I'm running Windows 7 64-bit and would really appreciate the help, thank you.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:16 PM

Posted 14 June 2012 - 01:36 AM

Please download exeHelper to your desktop.

http://www.raktor.net/exeHelper/exeHelper.com

Double-click on exeHelper.com to run the fix.

A black window should pop up, press any key to close once the fix is completed.

See if you can launch exe files now.

Good luck.

#3 Ikari01

Ikari01
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 14 June 2012 - 03:11 AM

Thanks for the quick response. I went ahead and downloaded exeHelper; after running it the black screen blinked for a quick second. I tried to launch a .exe file but no dice.

Let me know if you need any more information that can help.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:16 PM

Posted 14 June 2012 - 07:13 AM

Boot the PC into Safe Mode with Networking.

Download FIXTDSS.

Launch it. It may ask for a restart; reboot the PC.

On reboot, let me know what it finds.

What happens when you launch MY DOCUMENTS or other applications? Do you receive any errors?

#5 Ikari01

Ikari01
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 14 June 2012 - 08:33 PM

I downloaded FIXTDSS but it won't run, not even in Safe Mode. When I open "My Documents" it opens with no problem and fast.

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:16 PM

Posted 14 June 2012 - 09:03 PM

Can you launch applications in Safe Mode?

Can you create a new user account and see if it works?

#7 Ikari01

Ikari01
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 14 June 2012 - 09:24 PM

I'm unable to launch applications in Safe Mode, and when I try to create a new account using "Control Panel > All Control Panel Items > User Accounts > Manage Accounts" and click "Create Account", I get no response. I clicked right underneath, where it says "What is a user account", to see if I would get a reaction and got one immediately.

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:11:16 PM

Posted 14 June 2012 - 09:56 PM

Let me ask a malware response team member to assist you.

Good luck.

#9 Ikari01

Ikari01
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 14 June 2012 - 10:04 PM

Thank you very much for your help and time.

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:16 AM

Posted 15 June 2012 - 12:52 AM

Hi and welcome.

Before we start, please read the following suggestions:

  • Do not download and run tools unless instructed.

    We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.


  • Do not attach logs or use code boxes unless instructed, just copy and paste the text on your reply.

    Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read them in your post.


  • Please read every post completely before doing anything.

    Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

  • Please provide feedback about your experience as we go.

    A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.


NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: Save the instructions in notepad or print them if necessary, so you can have access to these, should you require to go offline during the cleanup process.


---------------------------------------------


Let's give it a try. You will need a USB flash drive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

Once this is done, type the following in the edit box in FRST64 after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it will produce in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 Ikari01

Ikari01
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 17 June 2012 - 02:45 AM

I went ahead and followed your instructions; the following are the results of the FRST64.exe scan:

Scan result of Farbar Recovery Scan Tool Version: 17-06-2012
Ran by SYSTEM at 17-06-2012 00:05:06
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2010-06-10] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-23] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [273544 2011-08-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Guest\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Guest\...\Policies\system: [WallpaperStyle] 2
HKU\Mcx1-OWNER-PC\...\Policies\system: [WallpaperStyle] 2
HKU\Mcx1-OWNER-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\owner\...\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-24] (Google Inc.)
HKU\owner\...\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s [929680 2011-09-28] (Samsung)
HKU\owner\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3508112 2011-09-28] (Samsung Electronics Co., Ltd.)
HKU\owner\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-09-28] ()
HKU\owner\...\Run: [JavaNotifierBackup] rundll32.exe "C:\ProgramData\JavaNotifierBackup.dll",DllRegisterServer [83968 2011-10-22] (Microsoft Corporation)
HKU\owner\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c [307768 2010-08-28] ()
HKU\owner\...\Policies\system: [WallpaperStyle] 2
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Startup: C:\Users\owner\Start Menu\Programs\Startup\Pandora.lnk
ShortcutTarget: Pandora.lnk -> C:\Program Files (x86)\Pandora\Pandora.exe (No File)

==================== Services (Whitelisted) ======

2 BackupService; C:\Users\owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [85560 2011-06-21] (Hewlett-Packard Company)
2 Lavasoft Ad-Aware Service; "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe" [2152152 2011-09-02] (Lavasoft Limited)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2009-12-30] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-01-21] ()

========================== Drivers (Whitelisted) =============

3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [138752 2009-05-26] (Intel® Corporation)
3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-02-04] ()
0 Lbd; C:\Windows\System32\Drivers\Lbd.sys [69152 2010-07-06] (Lavasoft AB)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [216064 2009-06-04] (Realtek Semiconductor Corp.)
3 ssadbus; C:\Windows\System32\Drivers\ssadbus.sys [157672 2011-07-19] (MCCI Corporation)
4 eabfiltr; [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-16 23:48 - 2012-06-17 00:05 - 00000000 ____D C:\FRST
2012-06-14 18:27 - 2012-06-14 18:28 - 00000000 ____D C:\Users\Guest\AppData\LocalLow
2012-06-14 18:27 - 2012-06-14 18:27 - 00000020 __ASH C:\Users\Guest\ntuser.ini
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\Templates
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\Start Menu
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\PrintHood
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\NetHood
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\My Documents
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\Documents\My Videos
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\Documents\My Pictures
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\Documents\My Music
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\AppData\Local\History
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 ____D C:\users\Guest
2012-06-14 18:27 - 2009-12-22 13:12 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-06-14 18:27 - 2009-12-19 13:11 - 00000000 ____D C:\Users\Guest\AppData\Local\Geek Squad 24 Hour Computer Support
2012-06-14 18:27 - 2009-11-11 11:26 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2012-06-14 17:27 - 2012-06-15 00:15 - 01932256 ____A (Symantec Corporation) C:\Users\owner\Documents\FixTDSS.exe
2012-06-14 00:01 - 2012-06-13 23:51 - 00294400 ____A C:\Users\owner\Documents\exeHelper.com
2012-06-13 21:18 - 2012-06-13 21:12 - 00002127 ____A C:\Users\owner\Documents\win7-regfix.reg

============ 3 Months Modified Files and Folders =============

2012-06-16 22:39 - 2009-11-11 10:37 - 01170177 ____A C:\Windows\WindowsUpdate.log
2012-06-16 22:37 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-16 22:37 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-16 22:36 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-16 22:28 - 2010-07-07 13:19 - 00216527 ____A C:\aaw7boot.log
2012-06-16 22:28 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-16 22:28 - 2009-07-13 20:51 - 00298010 ____A C:\Windows\setupact.log
2012-06-15 05:55 - 2009-12-24 19:37 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500626618-1952196505-2329301578-1000UA.job
2012-06-15 02:03 - 2009-12-24 19:37 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3500626618-1952196505-2329301578-1000Core.job
2012-06-15 00:15 - 2012-06-14 17:27 - 01932256 ____A (Symantec Corporation) C:\Users\owner\Documents\FixTDSS.exe
2012-06-14 18:28 - 2012-06-14 18:27 - 00000000 ____D C:\Users\Guest\AppData\LocalLow
2012-06-14 18:27 - 2012-06-14 18:27 - 00000020 __ASH C:\Users\Guest\ntuser.ini
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\Templates
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\Start Menu
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\PrintHood
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\NetHood
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\My Documents
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\Documents\My Videos
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\Documents\My Pictures
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\Documents\My Music
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\AppData\Local\Temporary Internet Files
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 __SHD C:\Users\Guest\AppData\Local\History
2012-06-14 18:27 - 2012-06-14 18:27 - 00000000 ____D C:\users\Guest
2012-06-14 17:30 - 2010-05-13 00:23 - 13509348 ____A C:\Windows\ntbtlog.txt
2012-06-13 23:51 - 2012-06-14 00:01 - 00294400 ____A C:\Users\owner\Documents\exeHelper.com
2012-06-13 21:12 - 2012-06-13 21:18 - 00002127 ____A C:\Users\owner\Documents\win7-regfix.reg
2012-06-10 18:14 - 2009-07-13 21:08 - 00032638 ____A C:\Windows\Tasks\SCHEDLGU.TXT


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 3003.19 MB
Available physical RAM: 2358.32 MB
Total Pagefile: 3001.34 MB
Available Pagefile: 2345.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:285.98 GB) (Free:29.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:11.91 GB) (Free:2 GB) NTFS
4 Drive g: () (Removable) (Total:7.4 GB) (Free:7.4 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7580 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 285 GB 200 MB
Partition 3 Primary 11 GB 286 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 285 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 11 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7579 MB 1024 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7579 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-13 22:03

======================= End Of Log ==========================





These are the results of the services.exe search:


Farbar Recovery Scan Tool Version: 17-06-2012
Ran by SYSTEM at 2012-06-17 00:15:57
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
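
A triage sketch for the `Run:` entries of the FRST log posted above, added here as an example; it is not part of the original thread and not FRST's own logic. It parses the log's line format and tags each autorun entry with generic review signals. The signal names, the `triage` function and the path list are assumptions of this example, the sample lines are copied from the log in post #11, and a tag is a reason to look closer, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Run-key lines copied from the FRST log in post #11; the last line is a
# non-Run policy value and must be skipped by the parser.
SAMPLE_LOG = r'''
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKU\owner\...\Run: [Google Update] "C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-24] (Google Inc.)
HKU\owner\...\Run: [JavaNotifierBackup] rundll32.exe "C:\ProgramData\JavaNotifierBackup.dll",DllRegisterServer [83968 2011-10-22] (Microsoft Corporation)
HKU\owner\...\Policies\system: [WallpaperStyle] 2
'''

# FRST line shape: HIVE\...\Run: [Name] command [size date] (Publisher)
RUN_LINE = re.compile(
    r'^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+) '
    r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$',
    re.MULTILINE,
)

# Assumptions of this example, not FRST's own rules.
PROXY_LOADERS = {"rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32"}
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    hive: str
    name: str
    command: str
    publisher: str
    reasons: list = field(default_factory=list)


def first_program(command: str) -> str:
    """Return the lower-cased file name of the program the command starts."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    token = (m.group(1) or m.group(2)) if m else ""
    return token.rsplit("\\", 1)[-1].lower()


def triage(log: str) -> list:
    """Parse Run entries and attach review signals, most signals first."""
    findings = []
    for m in RUN_LINE.finditer(log):
        f = Finding(m["hive"], m["name"], m["cmd"], m["publisher"].strip())
        if first_program(f.command) in PROXY_LOADERS:
            f.reasons.append("proxy-loader")        # what runs is the DLL argument
        if any(p in f.command.lower() for p in USER_WRITABLE):
            f.reasons.append("user-writable-path")  # location writable without admin rights
        if not f.publisher:
            f.reasons.append("no-publisher")        # publisher field empty in the log
        findings.append(f)
    # sorted() is stable, so ties keep their order from the log.
    return sorted(findings, key=lambda f: -len(f.reasons))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{len(f.reasons)}  {f.hive:<10} {f.name:<20} {', '.join(f.reasons) or '-'}")
```

Single signals are common on clean machines (per-user updaters live under AppData, some vendors ship files without a company name), so entries that collect more than one are the ones to review first.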

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:16 AM

Posted 17 June 2012 - 11:21 AM

The report shows no problems. Let's run rkill to terminate programs running in the background prior to any tool. Let's start by attempting to run Combofix:

Please download Rkill by Grinler from any of the following locations, to your desktop, but do not run it yet:


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Run rkill. (Vista and Win7: to run the application, right click on Rkill and choose Run as an Administrator)
  • Then double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.



#13 Ikari01

Ikari01
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 18 June 2012 - 11:39 PM

I followed your instructions and tried to run RKill, but the program never ran. Is there anything else I can try?

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:12:16 AM

Posted 19 June 2012 - 01:07 AM

Let's remove one entry in the registry that may be working against us.

Download the enclosed file.

Save it next to FRST64. Run FRST64 as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

If successful, boot in Normal Mode and attempt to run Combofix. Let me know the outcome.

Edited by JSntgRvr, 19 June 2012 - 01:15 AM.



#15 Ikari01

Ikari01
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:16 PM

Posted 19 June 2012 - 02:54 AM

As soon as I get off work I'll follow your instructions. I just want to say thanks for your time and help; I really appreciate it.



